VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

CVE-2026-9082 in Drupal Core — active SQL injection; added to CISA KEV

CVE-2026-9082 в Drupal Core: активная SQL-инъекция, CISA добавила в KEV

Colleagues, please note: an actively exploited vulnerability in Drupal Core (CVE-2026-9082) has been detected. CISA added CVE-2026-9082 to the KEV list; a patch was released in under 48 hours. The flaw is an SQL injection affecting all supported versions and may enable privilege escalation and remote code execution. Imperva observed >15,000 attack attempts against ~6,000 sites across 65 countries, mainly targeting gaming and financial services. Patches available for 11.x and 10.x; 9.5 and 8.9 require manual mitigation. FCEB advises updating by 27 May. Why it matters: exploitation can escalate from reconnaissance to data theft or full takeover—update now. Have you checked your Drupal installs and patch plan? #cybersecurity #Drupal #vulnerabilities #infosec

Latest comments

No comments yet.